package com.example.student.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 公共路径安全配置，用于处理公开的API路径
 * 优先级高于SecurityConfig
 */
@Configuration
@EnableWebSecurity
@Order(1) // 确保优先级高于SecurityConfig
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain publicApiFilterChain(HttpSecurity http) throws Exception {
        http
            // 禁用CSRF
            .csrf().disable()
            // 不创建会话
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            // 请求授权
            .requestMatchers().antMatchers(
                "/api/auth/login", 
                "/api/auth/refresh", 
                "/api/auth/check", 
                "/public/auth/login", 
                "/api/public/auth/login"
            ).and()
            .authorizeRequests().anyRequest().permitAll();
                
        return http.build();
    }
} 